[VIM] Regarding Web-APP.org WebAPP CVE Entry Details
Web-APP
webapp at web-app.org
Thu Jun 28 20:05:39 UTC 2007
Hi once more,
Two more corrections, and I think the rest is okay. Sorry for the mistakes but this was a long list. Took several hours to figure it all out. I was checking it but got distracted and sent it I guess before checked thoroughly enough.
These 2 have the versions changed:
No log viewer before 0.9.9.3:
CVE-2007-1175 - Cross-site scripting (XSS) vulnerability in an admin
feature - The log viewer when HTML is entered as a spoofed user agent.
Discovered by Blackcode.
http://newbc.blackcode.com/forum/index.php?t=msg&rid=0&th=1167&goto=10145#msg_10145 .
Vulnerable: web-app.org WebAPP 0.9.9.3, 0.9.9.3.1, 0.9.9.3.2, 0.9.9.3.5,
0.9.9.4; web-app.net WebAPP NE v0.9.9.3.3, 0.9.9.3.4; web-app.net WebAPP NE
2007 through at least 20070624.
No Gallery before 0.9.9.3:
CVE-2007-1176 - Multiple cross-site scripting (XSS) vulnerabilities in in
Gallery feedback, Gallery comments, Search results, Statistics log viewer -
Gallery XSS was persistent. Search results is client side and found by
Blackcode, posted at
http://newbc.blackcode.com/forum/index.php?t=msg&rid=0&th=1167&goto=10033#msg_10094 .
Statistics log viewer was same as entry CVE-2007-1175 . Vulnerable: Gallery: web-app.org WebAPP v0.9.9.3, 0.9.9.3.1, 0.9.9.3.2, 0.9.9.3.5, 0.9.9.4;
web-app.net WebAPP NE v0.9.9.3.3, 0.9.9.3.4; web-app.net WebAPP NE 2007
through at least 20070624. Search Results: web-app.org WebAPP v0.8, 0.9, 0.9.3, 0.9.4, 0.9.5, 0.9.7, 0.9.8, 0.9.9,
0.9.9.1, 0.9.9.2, 0.9.9.3, 0.9.9.3.1, 0.9.9.3.2, 0.9.9.3.5, 0.9.9.4;
web-app.net WebAPP NE v0.9.9.3.3, 0.9.9.3.4; web-app.net WebAPP NE 2007
through at least 20070624. Statistics Log Viewer: See CVE-2007-1175.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.attrition.org/pipermail/vim/attachments/20070628/5fc4e582/attachment.html
More information about the VIM
mailing list